With the pace of technological change including the rise in the use of AI models such as Chat GPT, and increased awareness and scrutiny regarding online safety and security, it is not surprising that there has been a subsequent demand for specialist data privacy lawyers. In previous years data privacy was seen as part of a broader commercial role, but recently at Marsden our in-house team has been asked to find specialists at all levels.

Marsden’s Megan Williams has significant experience in recruiting data privacy lawyers for a number of in-house legal teams across all sectors. “There is a huge amount of change happening now that companies are trying to respond to quickly,” said Megan. “The last major change in the data privacy arena was GDPR and the demand in his area has lessened since it is up to privacy teams to just maintain the policies and processes that are already in place. The next changes in-house counsel are trying to prepare for include major proposed new EU legislation on AI and data, dealing with the legal challenges in using cloud computing, and potential group action litigations for data misuse.”

New legislation on the horizon

The Artificial Intelligence Act, a proposed EU law currently under discussion, is the first of its kind in the world and will affect all companies operating within the EU.  It is anticipated that once adopted it could become a global standard in the way that the EU’s GDPR framework has. Its broad aim is to ensure that AI is used in an ethical and positive manner and that the well-publicised risks of AI are minimised. A classification system is being proposed that determines the level of risk an AI technology could pose to the health and safety or fundamental rights of a person. The new law will affect all companies using AI as well as the providers of AI themselves.

The rise of AI is generally perceived to be a threat to the legal sector – the Law Society has estimated that automation is to replace 67,000 jobs by 2038. However it is also likely to contribute to a significant rise in new roles and encourage legal professionals to develop other (and irreplaceable) skills. With AI replacing the ‘drudge’ work, it will free up the time of junior lawyers.

Another proposed EU law, the Data Act, aims to create a single market for the free flow of data across borders and sectors. Unlike GDPR, it covers non-personal data, regulating the rights and obligations of those involved in sharing data from connected devices capable of collecting and exchanging data (i.e. “Internet of Things” products). It will apply to any company, irrespective of where it is based, that places its products or services on the EU market or makes its data available to recipients in the EU, so will have very broad implications for data privacy lawyers.

Increasing use of cloud-based services

With more and more private companies as well as public services moving to the cloud there is increased work for data privacy lawyers, both in-house and in private practice. Cloud computing generally increases efficiency and can reduce a business’s physical IT costs but it also involves the distribution of data across servers that can be based in many different countries. Companies that store data in the cloud need to be aware of all of the laws of the relevant countries, especially in the event of a breach and subsequent investigation and possible litigation. There is an increasing demand for specialist counsel to advise not just on the contracts for cloud computing services but also the legal implications of data being moved and accessed across borders.

Greater public awareness is helping to drive compliance – and litigation

Knowledge and understanding of data privacy within the wider public is becoming greater, which is driving up the level of compliance within businesses – particularly because of the growth in group action cases demanding compensation for data breaches. The most high profile of these is perhaps the Facebook/Cambridge Analytica case, where personal data belonging to millions of Facebook users was collected without their consent by the consulting firm Cambridge Analytica, predominantly to be used for political advertising. At the end of 2022 Facebook owner Meta agreed to pay $725 million to settle the class-action lawsuit.

For technology-minded lawyers there has never been a better time to explore data protection and privacy roles, with specialist skills greatly in demand. “With the pace of progression, there is likely to be more need for in-house counsel with the experience and mindset to respond to these increased challenges,” said Megan. “Companies are seeing the added value of having specialists in their legal teams rather than having to outsource to law firms.”

Please contact Megan directly about in-house data privacy roles or connect with her on LinkedIn. Find out more about our work in In-house Recruitment here.